140222 how to be a creative parent for slideshare
Annita Mau
In order to make a better world to live in, we need more people who can cope with difficulties and crises, hence we need to produce more kids who can stand up to challenges. The first step is to convince parents not to help their kids with everything. What is more useful than training them to become creative parents? A talk to 90 parents who are barely over 30 in a kindergarten at Tai Po on 22 Feb, 2014.
Big Brother is watching. His name is Binder.
Binder is the only vehicle of inter-process communication in Android, making it a prime target for attackers.
We'll provide a review of this sophisticated and little-known mechanism, describe the multitude of dangers in its compromise and demonstrate several Binder-based data manipulation and theft attacks.
In depth (presentation outline):
* The Android malware world lags behind the PC in sophistication, but is rapidly catching up. We believe the next generation of mobile malware is soon to come, and the Binder is a natural target.
* Binder Background (what makes it special?):
- The peculiarity of Android's architecture: on the idea of a userland OS built on top of the Linux kernel, and how Binder is critical to this concept.
- The inevitable security trade-off in Android: Minimizing the attack surface against the kernel, at the cost of introducing Binder as a classic single-point-of-control.
- How a developer sees the Binder (spoiler: he doesn't).
* In depth Binder mechanics (how does it work?):
- A detailed look at the data structures, classes and functions which define the behaviour of Binder, with a special focus on security-critical areas.
- Hooking Binder: How and where to control Android's IPC mechanism.
- Looking at the raw data travelling through Binder, and how to sift through it to find the interesting stuff (passwords, keyboard input, SMS, sound and many more).
- Why modern mobile AVs are having a hard time detecting these methods of operation.
* (Demonstrations) Comparing the "naive malware" approach and Man in the Binder philosophy to:
-> Logging keyboard input.
-> Capturing data sent between Activities.
-> Modifying sensitive information at runtime (e.g. faking a financial transaction, banking-trojan style).
* Mitigation:
- Why code obfuscation and app wrapping won't help you.
- Encrypting your data before it leaves the process (even within the same app!).
- Example: using an in-app keyboard securely.
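One way to apply the "encrypt before it leaves the process" item, as an added example that is not code from the talk or the white paper: values are sealed with AES-GCM before they would be handed to `Intent.putExtra(String, byte[])`, so the Binder transaction carries only ciphertext and any change to it is detected on receipt. The class `SealedExtra` and its `seal`/`open` methods are hypothetical names, and the example assumes sender and receiver share one process so the key never enters a Parcel.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

/** Hypothetical helper: seals values before they are placed in an Intent/Bundle. */
public final class SealedExtra {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private static final SecureRandom RNG = new SecureRandom();
    // Assumption: sender and receiver run in the same process, so the key
    // lives only in process memory and is never written to a Parcel.
    private static final SecretKey KEY = newKey();

    private static SecretKey newKey() {
        try {
            KeyGenerator kg = KeyGenerator.getInstance("AES");
            kg.init(256);
            return kg.generateKey();
        } catch (Exception e) { throw new IllegalStateException(e); }
    }

    /** Returns iv || ciphertext+tag; 'name' (the extra's key) is bound as AAD. */
    public static byte[] seal(String name, byte[] plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv); // fresh IV per message; never reuse one under the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, KEY, new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(name.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return out;
    }

    /** Throws AEADBadTagException if the blob or its field name was altered in transit. */
    public static byte[] open(String name, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, KEY, new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
        c.updateAAD(name.getBytes(StandardCharsets.UTF_8));
        return c.doFinal(blob, IV_LEN, blob.length - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        byte[] blob = seal("amount", "100.00 EUR".getBytes(StandardCharsets.UTF_8)); // constructed sample
        System.out.println(new String(open("amount", blob), StandardCharsets.UTF_8));
        blob[blob.length - 1] ^= 1; // simulate modification of the parcel in transit
        try { open("amount", blob); } catch (AEADBadTagException e) { System.out.println("tamper detected"); }
    }
}
```

Binding the extra's name as associated data means a sealed value moved to a different field also fails to open. This covers data only while it transits Binder; it does not protect plaintext inside the sending or receiving process.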
We believe that this is ground-breaking work that has not been properly researched before: Binder’s central position in the Android architecture means that it is likely to become heavily attacked in the next few years. By shining a bright light on this topic, our research is a significant contribution to the security of the Android platform as a whole.
An earlier version of this research was presented at Black Hat Europe 2014 and Kaspersky SAS2015.
A white paper of the results up until a few months ago can be found here: https://www.blackhat.com/docs/eu-14/materials/eu-14-Artenstein-Man-In-The-Binder-He-Who-Controls-IPC-Controls-The-Droid.pdf